Hackers compromised credit card readers at 63 Barnes & Noble stores, according to the company. The bookseller is urging customers to check their bank statements for fraudulent activity and to change their ATM pins.

According to the New York Times, the company found out about the breach on September 14 but refrained from alerting customers when the Justice Department asked it to keep mum. In all, around 7,000 credit card processors were taken out of Barnes & Noble stores to be studied for infections.

Barnes & Noble called the attack a “sophisticated criminal effort to steal credit card information.” It did assure customers, however, that its “customer database is secure” and that no purchases made online were sullied by the hack.

States affected include California, New York, Illinois, New Jersey, Florida, Pennsylvania, Massachusetts, Connecticut, and Rhode Island, according to a press release from Barnes & Noble. California was hit hardest with 20 infected stores, followed by Florida with 11, and New York with 10.

These stores currently do not have the separated credit card processors installed, the Times notes, but stores can still accept credit cards given the card readers built into its cash registers.

Barnes & Noble has not yet released how the hackers got into its credit card readers.